The Best Way to Beat a Hacker is to Think Like One

Posted by Shruthika Kamat on June 15, 2018 at 1:13 PM

In today’s threat environment, focusing on prevention alone is no longer a sufficient strategy. In 2016, there were 40% more reported incidents of data breaches compared to 2015. Experts anticipate that the number of incidents will increase further in 2017.

IT managers must acknowledge that a data breach is possible. Understanding how a hacker thinks is critical to being prepared.

Understanding The Cyber Kill Chain

The cyber kill chain (CKC) represents all the steps a hacker has to take to compromise a target. By developing counter strategies for each step, organizations have a better chance of preventing a threat from accomplishing its mission.

Here are the 7 steps of the chain:

  1. Reconnaissance: The threat actor researches potential targets and tactics. The threat actor is searching for a method of attack that is both simple and offers a high probability of success.
  2. Weaponization/packaging: The threat actor acquires the tools necessary to carry out an attack, such as custom malware. Tools are generally designed to attack a specific target.
  3. Delivery: The threat is delivered through the chosen mechanism; for example, a phishing email sent to an unsuspecting user.
  4. Exploitation: Once the threat is successfully delivered, it will attempt to compromise the targeted asset. Typically this process will look to exploit a known system vulnerability.
  5. Installation: Usually the threat vector will actively communicate with the threat actor or another outside party. The application will behave stealthily, allowing the threat to remain undetected.
  6. Command and control: Threat actors now control targeted assets and gather data.
  7. Action on targets: In this final stage, the threat actor steals or compromises data or both.

It’s important to note: Hackers don’t necessarily progress along the CKC in a strictly linear fashion. Sophisticated threat actors will go back to earlier steps to conduct additional reconnaissance.

Stopping Hackers In Their Tracks

Fortunately, there are steps organizations can take to defeat a hacker at any link in the CKC.

  1. Reconnaissance: Use methods such as penetration testing to identify your organization’s vulnerabilities.
  2. Weaponization: Understand the current threat environment by keeping your threat awareness up to date.
  3. Delivery: Deny threat actors access to your environment via firewalls, payload inspection systems and other security technologies.
  4. Exploitation: Monitor your network. Use network, host and server technologies to detect threats and deny access to your environment.
  5. Installation: Utilize host-specific methods to detect the installation of malicious threats.
  6. Command and control: Use network monitoring tools that can detect threat actors’ attempts to access compromised assets from outside of the network.
  7. Action on targets: Prevent the actor from carrying out the core mission with technologies that can identify unauthorized activities, such as next-generation firewalls and intrusion prevention systems.
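
An added example, not from the original post: Python that places alerts on the seven stages listed above and, per asset, reports the deepest stage reached, the earlier stages where no control fired (a detection gap), and whether activity stepped back to an earlier stage, as the article notes it can. The alert source names, asset names and alerts are constructed, and treating weaponization as unobservable locally is an assumption.

```python
from collections import defaultdict

# The seven stages, in the order the article lists them.
STAGES = ["reconnaissance", "weaponization", "delivery", "exploitation",
          "installation", "command_and_control", "action_on_targets"]
RANK = {name: i for i, name in enumerate(STAGES)}
UNOBSERVABLE = {"weaponization"}  # assumption: attacker-side, no local sensor

# Hypothetical alert sources, mapped to the stage whose control produces them.
SOURCE_TO_STAGE = {
    "scan_detector": "reconnaissance",
    "mail_gateway": "delivery",
    "host_ids": "exploitation",
    "host_install_monitor": "installation",
    "outbound_network_monitor": "command_and_control",
    "ngfw_ips": "action_on_targets",
}

# Constructed sample alerts: (ISO timestamp, asset, source).
SAMPLE_ALERTS = [
    ("2018-06-01T09:00:00", "ws-014", "mail_gateway"),
    ("2018-06-01T09:05:00", "ws-014", "host_ids"),
    ("2018-06-01T09:06:00", "ws-014", "host_install_monitor"),
    ("2018-06-01T09:30:00", "ws-014", "outbound_network_monitor"),
    ("2018-06-01T11:00:00", "ws-014", "scan_detector"),   # back to recon
    ("2018-06-01T10:00:00", "db-002", "outbound_network_monitor"),
    ("2018-06-01T10:10:00", "db-002", "ngfw_ips"),
    ("2018-06-01T08:00:00", "ws-020", "mail_gateway"),
    ("2018-06-01T08:01:00", "ws-020", "badge_reader"),    # unmapped, ignored
]

def summarize(alerts):
    """Per asset: deepest stage seen, earlier stages with no alert, loop-back flag."""
    timeline = defaultdict(list)
    for _ts, asset, source in sorted(alerts):          # chronological order
        if source in SOURCE_TO_STAGE:
            timeline[asset].append(SOURCE_TO_STAGE[source])
    report = {}
    for asset, seen in timeline.items():
        deepest = max(seen, key=RANK.__getitem__)
        # True if any alert is at an earlier stage than the alert before it.
        looped_back = any(RANK[s] < RANK[p] for p, s in zip(seen, seen[1:]))
        missed = [s for s in STAGES[:RANK[deepest]]
                  if s not in seen and s not in UNOBSERVABLE]
        report[asset] = {"deepest": deepest, "missed": missed, "looped_back": looped_back}
    return report

if __name__ == "__main__":
    for asset, row in sorted(summarize(SAMPLE_ALERTS).items()):
        print(asset, row)
```

An asset whose first alert is already at command and control, like `db-002` in the sample, shows which earlier-stage controls never fired and need review.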
